By the time the vulnerability was publicly reported, it was already being used by a Chinese hacking group known as “APT3 [Advanced Persistent Threat 3]”. The group was sending phishing emails aimed at organisations in the aerospace, defence, construction, engineering, high tech, telecommunications and transportation industries, according to Fireeye, which ultimately caused a backdoor to be placed on the victim’s computers.

“This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based zero-day exploits (eg Internet Explorer, Firefox, and Adobe Flash Player),” the researchers write. A zero-day exploit is one which has never been used before; thus, the firm involved has “zero days” to fix it.

Whereas before, the exploit had only been used by APT3, on Saturday, a further warning was put out after it made its way into a popular exploit kit called Magnitude. Kits such as Magnitude let would-be malware authors put together their software without having to write the exploits, and this has already been used to try and install ransomware on victim’s computers.

Installing the latest version of Adobe Flash will leave the system secure once again.